intricacy 0.8.0 → 0.8.0.1
raw patch · 6 files changed
+27/−31 lines, 6 filesdep +cryptonitedep +memorydep −RSAdep −crypto-apidep −crypto-pubkey-typesdep ~safe
Dependencies added: cryptonite, memory
Dependencies removed: RSA, crypto-api, crypto-pubkey-types, cryptohash
Dependency ranges changed: safe
Files
- Database.hs +4/−3
- Interact.hs +5/−6
- Protocol.hs +1/−1
- Server.hs +9/−10
- Version.hs +1/−1
- intricacy.cabal +7/−10
Database.hs view
@@ -23,9 +23,9 @@ import System.FilePath import System.IO -import Crypto.Hash (Digest, SHA1,- digestToHexByteString, hashlazy)-import Crypto.Types.PubKey.RSA (PrivateKey, PublicKey)+import Crypto.Hash (Digest, SHA1, hashlazy)+import Crypto.PubKey.RSA.Types (PrivateKey, PublicKey)+import Data.ByteArray.Encoding (Base (..), convertToBase) import Lock import Metagame@@ -36,6 +36,7 @@ sha1 = hashlazy hash :: String -> String hash = CS.unpack . digestToHexByteString . sha1 . CL.pack+ where digestToHexByteString = convertToBase Base16 data Record = RecPasswordLegacy Codename
Interact.hs view
@@ -35,9 +35,9 @@ import System.Directory import System.FilePath -import Codec.Crypto.RSA (encrypt)-import Crypto.Random (SystemRandom, newGenIO)-import Crypto.Types.PubKey.RSA (PublicKey)+import Crypto.Hash.Algorithms (SHA256 (..))+import Crypto.PubKey.RSA.OAEP (defaultOAEPParams, encrypt)+import Crypto.PubKey.RSA.Types (PublicKey) import AsciiLock import Cache@@ -789,9 +789,8 @@ encryptPassword publicKey name password = msum [ MaybeT . liftIO . handle (\(e :: SomeException) -> return Nothing) $ do- g <- newGenIO :: IO SystemRandom- return . Just . CS.unpack . BL.toStrict . fst . encrypt g publicKey .- BL.fromStrict . CS.pack $ hashed+ Right c <- encrypt (defaultOAEPParams SHA256) publicKey . CS.pack $ hashed+ return . Just . CS.unpack $ c , confirmOrBail "Failed to encrypt password - send unencrypted?" >> return hashed
Protocol.hs view
@@ -13,7 +13,7 @@ import Control.Monad import Data.Binary -import Crypto.Types.PubKey.RSA (PublicKey)+import Crypto.PubKey.RSA.Types (PublicKey) import BinaryInstances import Lock
Server.hs view
@@ -26,6 +26,7 @@ import Control.Monad.Trans.Reader import Control.Monad.Trans.State import Data.Array+import Data.Bifunctor (bimap) import qualified Data.Binary as B import qualified Data.ByteString.Char8 as CS import qualified Data.ByteString.Lazy as BL@@ -53,10 +54,10 @@ import Text.Feed.Import (parseFeedFromFile) import qualified Text.XML as XML -import Codec.Crypto.RSA (RSAError, decrypt, generateKeyPair) import qualified Crypto.Argon2 as A2-import Crypto.Random (SystemRandom, newGenIO)-import Crypto.Types.PubKey.RSA (PrivateKey, PublicKey)+import Crypto.Hash.Algorithms (SHA256 (..))+import Crypto.PubKey.RSA (generate)+import Crypto.PubKey.RSA.OAEP (decrypt, defaultOAEPParams) import Network.Mail.Mime (plainPart) import qualified Network.Mail.SMTP as SMTP@@ -130,17 +131,16 @@ alreadySet <- recordExists RecServerInfo unless alreadySet $ putRecord RecServerInfo (RCServerInfo $ defaultServerInfo locksize) -rsaKeyLength = 2048- setKeyPair :: DBM () setKeyPair = do alreadySet <- recordExists RecPublicKey unless alreadySet $ do- g <- liftIO newGenIO :: DBM SystemRandom- let (publicKey, secretKey, _) = generateKeyPair g rsaKeyLength+ (publicKey, secretKey) <- liftIO $ generate 256 65537 putRecord RecPublicKey $ RCPublicKey publicKey putRecord RecSecretKey $ RCSecretKey secretKey +-- Note: switching to cryptonite's argon2 implementation would not be+-- straightforwardsly backwards-compatible, the output format is different. argon2 :: String -> ExceptT String IO String argon2 s = either (throwE . show) return $ TSh.unpack <$> A2.hashEncoded hashOptions (CS.pack s) (CS.pack salt)@@ -406,10 +406,9 @@ decryptPassword :: String -> ExceptT String IO String decryptPassword pw = do RCSecretKey secretKey <- getRecordErrored RecSecretKey- liftIO $ evaluate (CS.unpack . BL.toStrict .- decrypt secretKey . BL.fromStrict . CS.pack $ pw)+ ExceptT . return . bimap show CS.unpack .+ decrypt Nothing (defaultOAEPParams SHA256) secretKey . CS.pack $ pw -- <=intricacy-0.6.2 sends the hashed password unencrypted- `catch` \(e :: RSAError) -> return pw convertLegacyPW :: Codename -> IO () convertLegacyPW name = void . runExceptT $ do RCPasswordLegacy legacyPw <- getRecordErrored (RecPasswordLegacy name)
Version.hs view
@@ -11,4 +11,4 @@ module Version where version :: String-version = "0.7.2"+version = "0.8.0.1"
intricacy.cabal view
@@ -1,6 +1,6 @@ cabal-version: >=1.10 name: intricacy-version: 0.8.0+version: 0.8.0.1 license: GPL-3 license-file: COPYING maintainer: mbays@sdf.org@@ -116,11 +116,9 @@ vector >=0.9 && <0.13, binary >=0.5 && <0.9, network-fancy >=0.1.5 && <0.3,- cryptohash >=0.8 && <0.12,- safe >=0.2 && <0.4,- RSA >=2.0 && <2.5,- crypto-pubkey-types >=0.2 && <0.5,- crypto-api >=0.10 && <0.14+ safe >=0.3.18 && <0.4,+ memory >= 0.11 && <0.16,+ cryptonite >= 0.16 && <0.28 if !impl(ghc >=8.0) build-depends: semigroups ==0.18.*@@ -220,10 +218,7 @@ vector >=0.9 && <0.13, binary >=0.5 && <0.9, network-fancy >=0.1.5 && <0.3,- cryptohash >=0.8 && <0.12,- RSA >=2.0 && <2.5,- crypto-pubkey-types >=0.2 && <0.5,- crypto-api >=0.10 && <0.14,+ safe >=0.3.18 && <0.4, random >=1.0 && <1.3, pipes >=4 && <4.4, feed >=1.1 && <1.4,@@ -233,6 +228,8 @@ text-short ==0.1.*, mime-mail >=0.4.4 && < 0.6, smtp-mail >=0.1.4.1 && < 0.4,+ memory >= 0.11 && <0.16,+ cryptonite >= 0.16 && <0.28, argon2 ==1.3.* if !impl(ghc >=8.0)